﻿using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;
using System.Collections.Generic;

public partial class ajax_getNote : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["id_user"] != null && Session["permission"] != null)
        {
            try
            {
                int userId = Int32.Parse(Session["id_user"].ToString());
                int workId = Int32.Parse(Request.QueryString["id"]);
                string sql = "SELECT projectId FROM work WHERE id=" + comm.to_sql(workId.ToString(), "number");
                DataTable dtTable = dal.SelectTable(sql);
                int projectId = 0;
                if (dtTable.Rows.Count == 1)
                {
                    projectId = Int32.Parse(dtTable.Rows[0]["projectId"].ToString());
                }
                else
                    throw new Exception("FAIL");

                #region check user is enable to access this project
                SqlParameter[] listParams = new SqlParameter[3];
                //-- param 1: @userId
                SqlParameter param = new SqlParameter("@userId", userId);
                param.SqlDbType = SqlDbType.Int;
                param.Direction = ParameterDirection.Input;
                listParams[0] = param;

                //-- param 2: @projectId
                param = new SqlParameter("@projectId", projectId);
                param.SqlDbType = SqlDbType.Int;
                param.Direction = ParameterDirection.Input;
                listParams[1] = param;

                //-- param 3: @isAccess
                param = new SqlParameter();
                param.ParameterName = "@isAccess";
                param.SqlDbType = SqlDbType.Int;
                param.Direction = ParameterDirection.Output;
                listParams[2] = param;

                dal.ExecuteSP("proCheckAccessProject_GET", listParams);
                int enable = Int32.Parse(listParams[2].Value.ToString());
                if (enable == 0)
                    throw new Exception("FAIL");
                #endregion

                #region check user is enable to view this work in project
                if (((int)Session["permission"]) >= 4) // default permission is leader or user
                {
                    sql = " SELECT permission FROM UserProject " +
                          " WHERE userId=" + comm.to_sql(userId.ToString(), "number") +
                          " AND projectId=" + comm.to_sql(projectId.ToString(), "number");
                    dtTable = dal.SelectTable(sql);
                    if (dtTable.Rows.Count == 1)
                    {
                        int permission = Int32.Parse(dtTable.Rows[0]["permission"].ToString());
                        if (permission >= 5) // is normal user in this prorject
                        {
                            sql = "SELECT [public] FROM project WHERE id=" + comm.to_sql(projectId.ToString(), "number");
                            dtTable = dal.SelectTable(sql);
                            if (dtTable.Rows.Count == 1)
                            {
                                string strpublic = dtTable.Rows[0]["public"].ToString();
                                if (strpublic.ToLower() == "false") // this project is not public
                                {
                                    sql = "SELECT userId FROM work WHERE id=" + comm.to_sql(workId.ToString(), "number");
                                    dtTable = dal.SelectTable(sql);
                                    if (dtTable.Rows.Count != 1)
                                        throw new Exception("FAIL");
                                    int idTemp = Int32.Parse(dtTable.Rows[0]["userId"].ToString());
                                    if (idTemp != userId)   // this work is taked by current user
                                        throw new Exception("FAIL");
                                }
                            }
                            else
                                throw new Exception("FAIL");
                        }
                    }
                    else
                        throw new Exception("FAIL");
                }
                #endregion

                #region read note and attach
                sql = "SELECT note.id,userId,username,[content],convert(varchar,date,103) as 'date'" +
                      " FROM note,[user] " +
                      " WHERE [user].id=note.userId AND workId=" + comm.to_sql(workId.ToString(), "number");
                dtTable = dal.SelectTable(sql);
                string strResponse = "";
                foreach (DataRow row in dtTable.Rows)
                {
                    int idNote = Int32.Parse(row["id"].ToString());
                    strResponse += "<div id='note" + idNote.ToString() + "'>";
                    strResponse += "<span class='note_username'>";
                    strResponse += row["username"].ToString();
                    strResponse += "</span>";
                    strResponse += "<span class='note_date'>";
                    strResponse += " (" + row["date"].ToString()+")";
                    strResponse += "</span>";
                    strResponse += "<div class='note_content'>";
                    strResponse += row["content"].ToString();
                    strResponse += "</div>";
                    strResponse += "<div class='note_attach'>";

                    sql = "SELECT name,link FROM attach WHERE noteId =" + comm.to_sql(idNote.ToString(), "number");
                    DataTable tableTemp = dal.SelectTable(sql);
                    if (tableTemp.Rows.Count > 0)
                    {
                        foreach (DataRow aRow in tableTemp.Rows)
                        {
                            int length = (aRow["name"].ToString().Length <= 20) ? aRow["name"].ToString().Length : 20;
                            strResponse += "<a href='../" + aRow["link"].ToString() + "' >" +
                                            aRow["name"].ToString().Substring(0, length) + "</a><br/>";
                        }
                    }

                    strResponse += "</div>";
                    strResponse += "</div>";
                    strResponse += "<div class='clearheight2'></div>";
                }
                #endregion
                throw new Exception(strResponse);
            }
            catch (Exception ex)
            {
                Response.Write(ex.Message);
            }
        }
    }
}
